Network resource access control is a function typically realized through a combination of functionality from endpoints (users or devices), network switches, and/or authentication servers. A network typically connects endpoints with resources (resident either locally in a server or remotely in a cloud server). Four functions—Identity, Authentication, Authorization, and Access control (e.g., policy enforcement)—may be facilitated and performed in the network. In some network models, third party solutions for Authentication (e.g., single sign-on) and Authorization may be combined with separate devices for Identity and Access Control. Alternatively, another common solution is to leave wired network ports unauthenticated.
Many customer environments are subject to scenarios in which administrators do not have control of end user device software inventory, and they also cannot manage client supplicant installations. Some authentication mechanisms include port-based methods (which involve configurations that are not easily automated), web-based, and Media Access Control (MAC) bypass. This variety of authentication mechanisms may leave customers unable to strike the right balance between security and automation.